Getting group id from userinfo endpoint

Hi Team, I would like to ask a question about assigning users to synced groups.

I want to implement a feature in my system: when a user logs in, the user is assigned to groups created earlier during synchronization.

  1. I created groups in my system (using the Okta Group API). I have the name and group_ID in my system.
  2. I logged the user in using OIDC (Authorization Code Flow).
    I got a thin ID Token, an Access Token (with groups scope), and a Refresh Token.
  3. Then I call the UserInfo endpoint (because I can’t get user groups from the ID Token).

The problem is that the UserInfo endpoint contains only the group name. I can match it based on name, but there is an issue when this group is renamed etc.

So my question: is there a way I (as a user in OIDC login) can get all group_ids where I’m assigned as a user? (To be able to match this group ID with the groups synced earlier.)

Thank you
David

You could look to use getFilteredGroups, as mentioned here: Customize tokens returned from Okta with a static allow list | Okta Developer.

It takes 3 arguments: a list of groups (by ID) to compare against, the value you want returned, and the limit. The second argument supports group.id, which controls the output format.

e.g.

getFilteredGroups({"00gxxxxxxxxxxx1", "00gxxxxxxxxxxx2"},"group.id",100)
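Added example, not part of either post above: once the claim returns group IDs instead of names, the relying party can reconcile memberships against the synced groups by ID, so a rename in Okta changes nothing. It assumes the claim is named `groups` and arrives in the UserInfo JSON as a list of ID strings; the function name, the sample data, and the choice to skip removals when the list reaches the limit are all assumptions.

```python
# Added example: hypothetical names, constructed sample data.
CLAIM_LIMIT = 100  # third argument of getFilteredGroups in the expression above


def reconcile_groups(userinfo, synced_groups, current_ids, claim="groups"):
    """Return (to_add, to_remove, unknown, maybe_truncated), all as Okta group ids.

    userinfo      -- decoded UserInfo JSON (dict)
    synced_groups -- {okta_group_id: local_record} built during the earlier sync
    current_ids   -- set of Okta group ids the user is in locally right now
    """
    raw = userinfo.get(claim)
    if raw is None:
        # A missing claim means "no information", not "no groups": fail
        # instead of silently stripping every membership.
        raise ValueError(f"UserInfo response has no {claim!r} claim")
    if isinstance(raw, str):
        raw = [raw]  # tolerate a single value serialized as a bare string
    if not isinstance(raw, list) or not all(isinstance(g, str) for g in raw):
        raise ValueError(f"{claim!r} claim must be a list of strings")

    claimed = set(raw)
    known = claimed & set(synced_groups)
    unknown = claimed - known        # ids never synced: report, never auto-create
    to_add = known - current_ids
    to_remove = current_ids - claimed
    # Assumption: a list that reaches the limit may be incomplete, so it
    # must not be used as grounds for revoking memberships.
    maybe_truncated = len(raw) >= CLAIM_LIMIT
    if maybe_truncated:
        to_remove = set()
    return to_add, to_remove, unknown, maybe_truncated


# Constructed sample: group 1 was renamed in Okta after the sync; its id is unchanged.
SYNCED = {
    "00gxxxxxxxxxxx1": {"local_id": 1, "name": "old-name-before-rename"},
    "00gxxxxxxxxxxx2": {"local_id": 2, "name": "finance"},
}
USERINFO = {"sub": "00uEXAMPLE", "groups": ["00gxxxxxxxxxxx1", "00gEXAMPLEnew"]}

if __name__ == "__main__":
    print(reconcile_groups(USERINFO, SYNCED, {"00gxxxxxxxxxxx2"}))
```

Matching on the ID also keeps authorization decisions from following a group whose name was reused or changed on the Okta side.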